2 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-47020

https://notcve.org/view.php?id=CVE-2023-47020

Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. El encadenamiento de Multiple Cross-Site Request Forgery (CSRF) en NCR Terminal Handler v.1.5.1 permite que un atacante aumente los privilegios a través de una solicitud manipulada que implica la creación de una cuenta de usuario y la adición del usuario a un grupo de administradores. Esto es aprovechado por una función no revelada en el WSDL que carece de controles de seguridad y puede aceptar tipos de contenido personalizados. • https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020 https://youtu.be/pGB3LKdf64w • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-47024

https://notcve.org/view.php?id=CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. Vulnerabilidad de Cross Site Request Forgery en NCR Terminal Handler v.1.5.1 permite a un atacante remoto obtener información confidencial y escalar privilegios a través de un script manipulado al componente UserSelfService. • https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024 • CWE-352: Cross-Site Request Forgery (CSRF) •